Use the Panorama Web Interface

Use the Panorama Web Interface

The web interface on both Panorama and the firewall
has the same look and feel. However, the Panorama web interface
includes additional options and a Panorama-specific tab for managing
Panorama and for using Panorama to manage firewalls and Log Collectors.

The following common fields appear in the header or footer of
several Panorama web interface pages.

Common Field

Description

Context

You can use the Context drop-down
above the left-side menu to switch between the Panorama web interface
and a firewall web interface (see Context
Switch).

In the Dashboard and Monitor tabs,
click refresh (
) in the tab header
to manually refresh data in those tabs. You can also use the unlabeled
drop-down on the right side of the tab header to select an automatic
refresh interval in minutes (1 min, 2 mins,
or 5 mins); to disable automatic refreshing,
select Manual.

Access Domain

An access domain defines access to specific
device groups, templates, and individual firewalls (through the Context drop-down).
If you log in as an administrator with multiple access domains assigned
to your account, the Dashboard, ACC,
and Monitor tabs display information (such
as log data) only for the Access Domain you
select in the footer of the web interface.

If only one
access domain is assigned to your account, the web interface does
not display the Access Domain drop-down.

Device Group

A device group comprises firewalls and virtual
systems that you manage as a group (see Panorama
> Device Groups). The Dashboard, ACC,
and Monitor tabs display information (such
as log data) only for the Device Group you
select in the tab header. In the Policies and Objects tabs,
you can configure settings for a specific Device Group or
for all device groups (select Shared).

Template

A template is a group of firewalls with
common network and device settings, and a template stack is a combination
of templates (see Panorama
> Templates). In the Network and Device tabs,
you configure settings for a specific Template or
template stack. Because you can edit settings only within individual templates,
the settings in these tabs are read-only if you select a template
stack.

View by: Device

By default,
the Network and Device tabs
display the settings and values available to firewalls that are
in normal operational mode and that support multiple virtual systems
and VPNs. However, you can use the following options to filter the
tabs to display only the mode-specific settings you want to edit:

In the Mode drop-down, select or clear the Multi
VSYS, Operational Mode, and VPN
Mode options.

Set all the mode options to reflect the mode configuration
of a particular firewall by selecting it in the View
by: Device drop-down.

Mode

The Panorama tab provides the following
pages for managing Panorama and Log Collectors.

Panorama Pages

Description

Setup

Select PanoramaSetup for the following tasks:

Specify general settings (such as the Panorama hostname)
and settings for authentication, logs, reports, AutoFocus™, banners,
the message of the day, and password complexity. These settings
are similar to those you configure for firewalls: select Device
> Setup > Management.

Back up and restore configurations, reboot Panorama, and
shut down Panorama. These operations are similar to those you perform
for firewalls: select Device
> Setup > Operations.

Define server connections for DNS, NTP, and Palo Alto Networks
updates. These settings are similar to those you configure for firewalls:
select Device
> Setup > Services.

Enables you to manage configuration options
in the Device and Network tabs.
Templates and template stacks enable you to reduce the administrative
effort of deploying multiple firewalls with the same or similar
configurations. Select Panorama
> Templates.

Device Groups

Enables you to configure device groups,
which group firewalls based on function, network segmentation, or
geographic location. Device groups can include physical firewalls,
virtual firewalls, and virtual systems.

Typically, firewalls
in a device group need similar policy configurations. Using the Policies and Objects tab
on Panorama, device groups provide a way to implement a layered
approach for managing policies across a network of managed firewalls.
You can nest device groups in a tree hierarchy of up to four levels.
Descendant groups automatically inherit the policies and objects
of ancestor groups and of the Shared location. Select Panorama
> Device Groups.

Managed Collectors

Enables you to manage Log Collectors. Because
you use Panorama to configure Log Collectors, they are also called managed
collectors. A managed collector can be local to the Panorama
management server (M-Series appliance or Panorama virtual appliance
in Panorama mode) or a Dedicated Log Collector (M-Series appliance
in Log Collector mode). Select Panorama
> Managed Collectors.

Enables you to manage Collector Groups.
A Collector Group logically groups Log Collectors so you can apply
the same configuration settings and assign firewalls to them. Panorama uniformly
distributes the logs among all the disks in a Log Collector and
across all members in the Collector Group. Select Panorama
> Collector Groups.

Enables you to view the latest application
definitions and information for new security threats, such as Antivirus
signatures (threat prevention license required) and then update
Panorama with the new definitions. Select Device
> Dynamic Updates.

Enables you to specify a master key to encrypt
private keys on Panorama. By default, Panorama stores private keys
in encrypted form even if you don’t specify a new master key. Select Device
> Master Key and Diagnostics.